Computer security: Difference between revisions

From BoyWiki
m (Surveillance Self-defence Guide link added, Tails removed)
No edit summary
 
(74 intermediate revisions by 2 users not shown)
Line 1: Line 1:
The term '''computer security''' has several meanings. For boylovers it most often refers to the need to prevent hostile authorities from tracing your boylove Internet activities back to you. Also, you need to be sure that your computer, if seized and searched, does not reveal anything illegal under the laws of the country in which you reside.
The term '''computer security''' for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.


100% security is impossible. It may take the resources of law enforcement in multiple countries (if your Web pages are routed through [[Tor]] or a similar router), but truly being safe in this sense, so you can relax about it and stop being careful, is impossible. Your protection is to make it ''more difficult'' for authorities to trace you, so they'll go bother somebody else. Like installing an alarm system in your house - it guarantees nothing, but it makes breaking in riskier, so the would-be burglar goes to a house with no alarm.
Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. ''Security is a function of the resources your adversary is willing to commit'', said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html</ref>


"Security is a function of the resources your adversary is willing to commit," said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.<ref>"Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html, consulted June 23, 2016.</ref> Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.
[[File:Computer graphic.JPG|right]]
== Internet security==


== Internet security==
The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted <ref>Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet</ref>. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.
The Internet was originally built with no security, as it came out of a military environment in which all participants are known and trusted. (See http://en.wikipedia.org/wikiArpanet]]. Anonymity and security (privacy) have been grafted onto a platform which officially ignores security (except


The Internet security situation is always in flux. Privacy enthusiasts like Apple Computers, and many others, are constantly trying to make you safer: hidden identity, with no foreign access to the contents of your computer, phone, or tablet. Law enforcement and governments operate various forensic computer labs trying to penetrate the progressively better security. Though hopefully what follows is correct as of today (2016), it may soon be out of date.
There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.


===Web browsers===
===Web browsers===


A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of taking the data received — most of it strings of characters which are meaningless if not processed — and transforming it into a form meaningful to a human, while formatting the whole so it will display optimally on your computer/smartphone/tablet. The most popular browsers as of this writing (2016) are Firefox, Google's Chrome, Microsoft Internet Explorer, Apple's Safari, and Opera.
A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.


When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it.  It also includes the browser and operating system used, and sometimes the hardware used.
When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it.  It also includes the browser and operating system used, and sometimes the hardware used.
Line 18: Line 19:
===IP Address===
===IP Address===


While you are connected to the Internet you are identified by a unique number known as an [[IP address]]. (IP stands for "Internet Protocol".) The number takes the form '''n.n.n.n''' (such as 127.1.67.235). It may be different each time you connect. Your Internet Service Provider assigns these numbers, and knows the history of each IP address it uses and can provide law enforcement with the name and location of each user. Your Internet Service Provider routinely logs each page a user visits. Thus no Internet activity can be anonymous, unless specialized software, discussed below, is used to conceal it.
Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for ''Internet Protocol'', an IPv4 address number is made up of 32 bits and takes the form '''n.n.n.n''', IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf
 
Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.  
 
Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. <ref>Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed</ref>


In some countries this information is passed on to police routinely, or the government has direct access to all servers in the country. In others it receives some protection, but little in practice. A search warrant signed by a judge, required in the United States, is easy to obtain. National Security Letters, authorized by Congress and used by federal agencies such as the FBI, do not require a judge's approval. Under the guise of protection from security threats to the United States, they require Internet Service Providers to release to them all data they have about any user: Web sites visited, purchases made, your name and address, your email address, your credit card numbers. Furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received; it would be a crime to notify you.
In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.


Given the recent history of misconduct by the FBI and similar agencies, it would be naïve to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.
In addition to your ISP,  Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. <ref>Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html</ref>


In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders.
To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a [[Proxy and VPN|VPN or Tor]].


=== Virtual Private Networks (VPNs) ===
=== Virtual Private Networks (VPNs) ===


A [[Proxy_and_VPN|Virtual Private Network]], often used in business and government, and by terrorists, connects you to a proxy server. The proxy server will receive your request for an Internet page and forward it using their IP address instead of yours, then forward the data received back to you. Many claim they keep no logs, or keep them very briefly. A proxy server located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone/tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but what page you requested is not visible. The page sent back to you is similarly encrypted; the client software on your computer decrypts it.
A [[Proxy_and_VPN|Virtual Private Network]] creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.  


In most Western democracies using a VPN is completely legal and there are many "legitimate" purposes to use one, such as secure access to a stock market account. However, if authorities are investigating someone, the use of a VPN will look suspicious, even if it is legal.
A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will [[encryption|encrypt]] your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.


The Onion Router ([[Tor]]) is a chain of cooperating proxy servers, usually in multiple countries.
In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account.
 
The Onion Router [[Tor]] is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.


==What information does your browser store?==
==What information does your browser store?==
Line 38: Line 45:
Most  web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:
Most  web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:


# All Web page addresses (URLs) you entered into your browser's address bar to tell it which sites to go to. This is found in your browser's History, with links to the pages you visited.
# All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
# The page itself in your cache.
# The page itself in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
# Any embedded elements, such as graphics or scripts, saved separately in your cache.
Line 46: Line 53:
===Address Bar and History===
===Address Bar and History===


Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leave a breadcrumb trail for others to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity. Many browsers allow you to change your settings to not store this information. All major browsers have a menu command to delete the history; but this is no protection to law encorcement, which can easily recover it. Youhave to secure erase it. Since it is not always obvious where each browser stores its history, the safest way is to delete or uninstall the browser, wipe (secure erase) the free area, then do a new installation of the browser. Future data is retained until the process is repeated.
Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.
A better choice is to install the browser on a http://en.wikipedia.org/wiki/flash_drive
 
All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.


===The Browser Cache===
===The Browser Cache===


The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, stylesheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server. The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However none does a secure erase and the data is still recoverable by law enforcement. The solution is to get secure erase software, easily found by a Google search, and have it wipe all "blank" areas of the disk, which is full of your discards.
The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.
 
The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.


===Cookies===
===Cookies===


[[Cookie]]s are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site.<sup>Not true of all browsers.</sup> Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.  
Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.  


Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.<sup>Not true of all browsers.</sup>
Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.


==="Private" or "Incognito" mode===
==="Private" or "Incognito" mode===
Modern browsers often have what is called "private" or "incognito" mode. When activated, no history or cache is kept, search terms are not saved, and cookies are not accepted. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider which pages you visited, or which terms you searched for.
==Hardware==
===The iPhone/iPad===
Recent versions of Apple's iOS operating system, used on the iPhone, iPad, and iPod, [[encrypt]] all information on the device. A user-chosen 4- digit (later 6-digit) passcode must be created when the phone is first used, and it must be entered each time the device restarts (after complete shutdown). The passcode is also required when a screen lock activates after a certain (adjustable) period of inactivity; this feature is on by default, though it can be turned off.
Finding the 4-number passcode by the what cryptographers call the "brute force" method (trying all 9999 possible codes) is almost impossible, because the iPhone only permits 10 attempts to enter the code. After that the phone is frozen, and a setting, not enabled by default, will cause all data on the phone to be erased after 10 unsuccessful attempts.


This [[encryption]] on the iPhone has never been defeated by either thieves or law enforcement. Police and similar agencies have hundreds of seized iPhones, which cannot be accessed without the passcode. Apple itself cannot break the [[encryption]].
Modern browsers often have what is called ''Private Browsing'' (Firefox) or ''Incognito Mode'' (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. <ref> Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing</ref>


In theory, Apple could assist law enforcement by writing a new version of the iOS operating system, which could defeat some or all of the security that makes it impossible to break into an iPhone. As of this writing (March 2016) the FBI has, through a court, ordered Apple to write this software. Apple is fighting this in the courts, saying they have already turned over all the information they have on the phone in question, and a search warrant cannot compel them to write software that does not exist. This has provoked a considerable debate in the United States about whether, in principle, [[encrypted]] information should be decryptable by police and other government agencies. While the FBI says they are only seeking to access one phone, other agencies, such as the New York County District Attorney's office, are lining up to have many other phones decrypted if the FBI prevails. Apple claims that the software, if created, would be impossible to control, and repressive governments, such as China's, would use it against political dissidents. The FBI-Apple case will probably not be resolved until 2017. Congress may try to arrive at a policy, which would be addressed in new legislation.
== Windows 10 & Windows 11 ==


All of the data on the phone is backed up onto servers operated by Apple, which are easily accessed by law enforcement. This backup can easily be turned off by the user. If this is done, the iPhone is at present the personal computer which, as sold, has the greatest privacy protection.
* Microsoft account: The Microsoft Windows 10/11 operating system attempt to convince users to sign up for a Microsoft account, signing into Windows 10/11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers, the data contains your Internet browsing history, passwords and settings saved. <ref> 5 privacy settings you should change in Windows 10 https://www.cnet.com/how-to/5-privacy-settings-to-change-in-windows-10/</ref> to avoid this use a local Windows 10 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around.


===Erasing history, cache, and cookies===
* OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, <ref>Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686</ref> the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.
All major browsers offer the user the means to easily erase the information the browser has stored: Web sites visited, search history, cookies, passwords. However, like any erased file, it is only invisible, and is not really gone until the file is overwritten.<sup>Not true of all browsers.</sup> Specialized but inexpensive software will overwrite the "erased" data multiple times. However, all or most of this information is retained by your Internet service provider (ISP), where law enforcement can easily access it through a subpoena.<sup>Not true of all browsers.</sup>


===Using a VPN (Virtual Private Network) to hide your Internet activity from your Internet service provider===
* Cortana: Microsoft speech assistant is turned on by default, it collects and analyses speech data like your name, contacts and calendar events, they are all saved on Microsoft servers. You can not uninstall Cortana from Windows but you can turn it off in settings and you should do that if you are privacy conscious.


[Comment by another Editor at BoyWiki who disputes the accuracy of this section: Using a VPN service is ''not'' necessary if you already use the Tor browser bundle. In fact, depending on a private company to protect your security could be very dangerous, and could ''defeat the anonymity'' that Tor provides by your making payment for the service under your real name! End Comment.]
== Smartphones and tablets ==


[Comment on previous comment by another editor: use of TOR does not make a VPN unnecessary. TOR security has been broken. To the present writer's knowledge, and I pay attention to the news on this, VPN security has not been. Any VPN is better than none. The best are those that claim to keep no records of who requests what page. Using a VPN in a different country is recommended. Some VPN's are free. The Opera browser includes a VPN, although obviously it only deals with material that comes through Opera (not e-mail). If one uses a paid VPN, and pays for it by any electronic method, the fact that you are using a VPN cannot be kept secret. Your Internet Service Provider will know anyway. Using a VPN is not illegal in the US, and many businesses use them routinely.]
Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. <ref> UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/ </ref>, in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. <ref>Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution </ref>.


An easy way to greatly increase your Internet privacy is the use of a [[VPN|VPN or proxy server]]. [https://www.boywiki.org/en/Encryption Encrypted] requests go to the VPN, which in turn requests the Web pages you specify, but with its own IP address instead of yours. Web sites send the VPN the pages you request, and it forwards them to you.
Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.


All your ISP knows is that you sent [https://www.boywiki.org/en/Encryption encrypted] data to the proxy server and received different data back. Proxy servers, which necessarily know what pages the user wants, and the IP address of the user (you), usually make a point of not storing this information, so there is nothing to subpoena.
=== iPhone/iPad ===


In picking a VPN, choose one located where privacy protections are strong (primarily Western democracies, not including the U.S. and U.K.) Choosing one in a different country may make it more difficult for law enforcement to access it.
All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data <ref>How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection</ref>, however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.


Some VPNs are free, although they are not expensive to pay for and get additional features. Research your VPNs through articles and reviews of them. It is not impossible that a phony VPN be set up to collect your data instead of protecting it.
In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. <ref>Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse</ref>. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.


==Computer Safety Tools==
=== Android ===


1. Visualize and Wipe Thumbnail Images
The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.


Thumbnails are snapshot images of the files you browse. They don't get removed even after you delete or wipe files, which can be a really serious issue for some people. This tool lets you visualize them (to see if you have a problem), and optionally wipe them. It finds stuff the above cleanup tools totally miss.
The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.


Works with: Windows 7, 8, 10
== See also ==
Price: Basic edition is Free. Premium edition is $9.95.
Ease of use: Very easy.
Recommendation: ESSENTIAL. If you do nothing else, get this. Run it frequently.
Free: https://merlin.world/get-thumbprints-viewer
Premium: https://merlin.world/get-thumbprints-wiper


2. Disable WebRTC
WebRTC is an acronym signifying real time communications, embedded in your web browser to support voice calls. The problem is, it transmits your actual IP address even if you are using a VPN.
Check if your WebRTC is leaking: https://www.browserleaks.com/webrtc
Works with: FireFox, Chrome.
Price: Free
Ease of use: Very Easy.
Recommendation: ESSENTIAL, if you use a VPN.
- Firefox Disable WebRTC: https://addons.mozilla.org/en-US/firefox/addon/happy-bonobo-disable-webrtc/
- Chrome WebRTC leak prevent: https://chrome.google.com/webstore/detail/webrtc-leak-prevent/eiadekoaikejlgdbkbdfeijglgfdalml
==See also==
* [[Privacy Freeware]]
* [[Privacy Freeware]]
* [[SAFE Network]]
* [[Tor|The Onion Router Tor]]
* [[Tor|The Onion Router Tor]]
* [[The Dangers of using VPN]]
* [[The Dangers of using VPN]]
==External links==
* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://www.whatismybrowser.com/ WhatIsMyBrowser.com] See your Interner browser headers
* [https://www.bleachbit.org/ BleachBit Privacy Cleaner]
* [https://privazer.com/ PrivaZer Privacy Cleaner]


==References==
==References==
Line 139: Line 110:
[[Category:Essential reading for BoyLovers]]
[[Category:Essential reading for BoyLovers]]
[[Category:Technology]]
[[Category:Technology]]
== External links ==
* [https://ssd.eff.org/ Surveillance Self-defence Guide] Electronics Frontiers Foundation guide
* [https://whatismybrowser.com/ WhatIsMyBrowser.com] See your Internet browser headers
* [https://bleachbit.org/ BleachBit Privacy Cleaner]
* [https://oo-software.com/en/shutup10 ShutUp10++:Free antispy tool for Windows 10 and 11]
* [https://f-droid.org/ F-Droid open source app store for Android]

Latest revision as of 17:14, 10 February 2023

The term computer security for boylovers normally refers to preventing hostile operatives from tracing your Internet activities back to you. You need to make sure that your computer, if stolen or lost, does not reveal anything linking you to any boylove activities, even if activism is legal. That still means the risk of losing your job, friends, and family, and being physically attacked.

Although one hundred per cent security is impossible, you can make it more difficult for hackers and authorities to trace you, so they'll go bother somebody else. It is like installing an alarm system in your house - it guarantees nothing, but it makes breaking in burdensome, so the would-be burglar goes to a house with no alarm. Security is a function of the resources your adversary is willing to commit, said Julian Sanchez, a policy expert with the Cato Institute in Washington, D.C.[1]

Because terrorists are perceived as a bigger danger than boylovers, the bulk of the computing power available in the world (always finite) is focused on them.

Internet security

The Internet was originally built with no security, as it came out of a military environment in which all participants were known and trusted [2]. Privacy and security is continuously grafted onto the platform as it grows and expands into new fields that their creators never designed it for. With complexity it increases the chances of a vulnerability being exploited for nefarious purposes, Internet Security is a game of a whack a mole, you should never lower your guard.

There are technological advances every single day, if you care about computer security, you must read about technology and security news as often as you can to update your knowledge, what is safe today might change tomorrow, by being up to date on technological advances you can plan for the future, for example, by picking a strong encryption algorithm that will be safe for the next twenty years.

Web browsers

A Web browser is a program that runs on your computer/smartphone/tablet and is used to access the Internet. It has the function, among others, of decoding the data received — most of it strings of characters are meaningless if not processed — and transforming them into a meaningful form to a human while displaying it optimally on your computer/smartphone/tablet. Chrome, Firefox, Microsoft Edge and Apple's Safari are some example of Internet browsers.

When your browser sends a request for a page to a web server, it goes first to your Internet Service Provider (in some countries a government agency), which records it and sends it on its way on the Internet. Together with the name/address of the page desired, the request includes information about you. Most important is your IP (Internet protocol) address, a string of numbers that identifies the requesting computer, so that the desired data can be sent to it. It also includes the browser and operating system used, and sometimes the hardware used.

IP Address

Every device connected to the Internet is identified by a unique number known as an IP address, IP stands for Internet Protocol, an IPv4 address number is made up of 32 bits and takes the form n.n.n.n, IPv4 address example: 127.1.67.235. To cope with Internet growth, due to IPv4 addresses running out, a new Internet Protocol Version called IPv6 was developed, they are made up of 128 bits and represented as eight groups of four hexadecimal digits with the groups being separated by colons, IPv6 address example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

Both protocols IPv4 and IPv6 are interoperable, the numbers may be different each time you connect but your Internet Service Provider assigns these numbers, they know the history of each IP address, they can provide law enforcement with the name and address of the subscriber that has been assigned a particular IP address.

Internet Service Providers have the capacity of logging each page a user visits and blocking access to them, in some countries this is a reality. In the United Kingdom the Investigatory Powers Bill forces Internet Service Providers to keep web records of users for 12 months. [3]

In the United States, if national security is at stake, National Security Letters, authorised by Congress can be used by federal agencies. They require Internet Service Providers to release to all data they have about any user, furthermore, the Internet Service Provider is prohibited from informing you that a request for information about you has been received. Given the recent history of misconduct by the FBI and similar agencies, it would be naive to assume that all of these warrantless, secret searches are for legitimate national security purposes. It is well documented that if evidence of any illegal activity is found in the data gathered using a National Security Letter, even if it has no relevance to national security, that data can be and is legally used to bring criminal charges.

In addition to your ISP, Web sites routinely log the IP address of every visitor, together with the browser they are using and operating system. This information may also be retained indefinitely. While a subpoena is usually necessary for law enforcement to obtain access in the United States, a subpoena may entail little more for the requesting agency than filling out an online form. In many countries law enforcement has total access to servers within its borders. [4]

To secure your web browsing and stop Internet Service Providers from logging, spying and censoring your Internet activities, you can use a VPN or Tor.

Virtual Private Networks (VPNs)

A Virtual Private Network creates an encrypted tunnel and connects you to a proxy server that will receive your data request for an Internet page or download and forward it using the VPN server IP address instead of yours, because of the encryption, your Internet Service Provider will not be able to see what you are doing on the Internet or intercept your communications, only the VPN provider will be able to do that, many claim they keep no logs, or keep them very briefly but such claims must be treated with caution as you have no way to verify it.

A VPN provider located in a foreign country, simply because of the hassle of dealing with an agency of another country, can provide more protection than a domestic one. The client software running on your computer/smartphone or tablet will encrypt your request for a Web page, so even if your data is being monitored, all the monitor can tell is that a certain IP address (you) sent a request to a VPN, but the URL of the page that you requested is not visible. Another use of a VPN is being able to access websites that are georestricted, for example watching CBS online outside the USA.

In most Western countries using a VPN is completely legal and there are many legitimate purposes to use one, like wanting to secure your Internet activities on a Wifi access point or a business looking for secure access to a stock market account.

The Onion Router Tor is a chain of proxy servers located in multiple countries and it is far more secure than a VPN, however speed is slower.

What information does your browser store?

Most web browsers store a great deal of information every time you visit a web page; law enforcement accesses it by running the program Browser Postmortem. This storage is intended to make it easier for you to later find and reload already visited Web pages. What information is stored, how and where, depends on which browser you use, which version you have, on what platform or operating system you are running it, and your personal security settings. Some of the items a browser may record are:

  1. All web page addresses (URLs) you entered into your browser's address bar. This is found in your browser's History.
  2. The page itself in your cache.
  3. Any embedded elements, such as graphics or scripts, saved separately in your cache.
  4. Cookies.
  5. Search history (terms searched for by search engines).

Address Bar and History

Both the browser history and address-bar list make it easier to access recently-visited sites by storing the addresses of any site you visit. These effectively leaves a trail for others with access to your computer to find and follow your activity on the Internet. Anyone else who uses or has access to your browser can easily look at your recent internet activity.

All major browsers have a menu command to delete the history; but this is no protection and can be easily recovered with specialist software by law enforcement or computer technicians. There are programs like Bleachbit that will securely overwrite temporary files so that recovery it is not possible but wiping software is not 100% perfect, the only way to be sure that no data will ever be recovered from your computer is to encrypt the whole hard drive or use a live DVD to browse the Internet, for example Tails.

The Browser Cache

The browser cache is designed to make loading frequently-accessed pages quicker. Downloading a page from the internet takes time, so the cache is designed to store entire pages from sites which you visit. Some browsers create a single cache file, while others may store embedded elements such as images, style-sheets or scripts separately. When you type an address into your browser it will check with the server to see if the page has been modified since last accessed and if there are no changes it will draw the page from the cache rather than from the server.

The browser cache is a record of the sites you have visited and can easily be accessed by others. Major browsers have a menu selection to erase the cache. However it does not securely erase the data is still recoverable with specialist undelete software. A medium security solution is to deploy secure erasing software like CCleaner, or browse the Internet in incognito mode, it considerably reduces the information available in your hard drive but not all of it if your opponent has high IT skills he might still be able to recover small bits of information.

Cookies

Cookies are small files used to by web sites to either store settings or track what you do online. They are sent to your computer and stored by your browser when you visit a site. Cookies are necessary for innocent purposes such as automating log-in and storing preferences, and providing targeted advertising, but they too leave their footprints for others to follow. If someone can look at what cookies you have stored in your Internet browser they can find out what websites you visited and the associated usernames.

Inside your Internet browser settings you can manually erase cookies but this will not be done safely unless they are overwritten with specialist Internet privacy software that stops computer forensic tools from unerasing them.

"Private" or "Incognito" mode

Modern browsers often have what is called Private Browsing (Firefox) or Incognito Mode (Chrome), when activated, no browsing history, cookies or cache are kept. Once all tabs are closed, all session information is discarded. However, it does not conceal from your Internet Service Provider, workplace, library or Internet cafe which pages you visited and it will not stop other applications in your computer. like a keylogger, from monitoring what you are browsing, if you have downloaded a file in Incognito mode, this file will remain in your hard drive. [5]

Windows 10 & Windows 11

  • Microsoft account: The Microsoft Windows 10/11 operating system attempt to convince users to sign up for a Microsoft account, signing into Windows 10/11 with your Microsoft account will immediately sync (upload) settings and data to the company’s servers, the data contains your Internet browsing history, passwords and settings saved. [6] to avoid this use a local Windows 10 account instead of a Microsoft cloud account. At the moment of writing, Windows 11 is making it impossible for users to operate without creating a Microsoft cloud account, there are ways around this but as the situation keeps changing, instead of a providing a solution that will quickly be out of date, you are advised to use a search engine to search for a work around.
  • OneDrive: When you upload files to OneDrive they are automatically scanned to detect child pornography, [7] the main problem with this is approach is that Microsoft treats everybody like a suspected criminal and child pornographer without being one, it is like having to submit yourself to a search without any evidence of any wrongdoing and without any warrant, by agreeing to using OneDrive, you are waving your privacy rights, the same for Dropbox and other cloud services. If you care about not being treated like a suspected criminal, uninstall OneDrive from Windows.
  • Cortana: Microsoft speech assistant is turned on by default, it collects and analyses speech data like your name, contacts and calendar events, they are all saved on Microsoft servers. You can not uninstall Cortana from Windows but you can turn it off in settings and you should do that if you are privacy conscious.

Smartphones and tablets

Android and iPhones have encryption turned on by default and you can and should lock them with a passphrase, but in some countries like the United Kingdom the law forces you to hand over your decryption keys when law enforcement requests it. [8], in other countries like the United States you can plead the Constitution Fifth Amendment right not to self-incriminate and refuse handing over the password to your phone, however if the smartphone is switched on when seized it is trivial to access the content without your consent and if it is switched off they could try a brute force attack, but this is very time consuming and expensive depending on password difficulty and might not work in the end. [9].

Consider using a VPN to protect your Internet connection from illegal spying by hackers and government agencies, nearly all of the big VPN companies smartphone apps have a setting to block advertising and tracking cookies, that will save you from downloading an app to block adverts. If you are in a high security environment you might want to download an antivirus for your smartphone but this will quickly drain your battery. You should only download apps from the official store as otherwise you risk downloading a trojan into your phone. A good open source alternative to Android and Apple Marketplace is F-Droid.

iPhone/iPad

All of the data on the iPhone is backed up onto servers operated by Apple, a default behaviour that can be turned off in settings. The iCloud used to be easily accessible by law enforcement because Apple holds the decryption key for iCloud, in 2023 Apple announced that they would be encrypting iCloud with a system called Advanced Data Protection that makes it impossible for their own staff to access your data [10], however it is the user who must turn this on in the settings and you should keep your eyes open in the tech news because Apple appears to often change their stance on data privacy depending on the political climate.

In 2021 Apple announced that they would scan all iPhones to detect child porn and report it to law enforcement, unlike iCloud, where Apple only scans the files you upload to detect child porn, Apple intention was to scan anything stored in the phone regardless of whether it is being uploaded to their cloud servers or not. [11]. After outrage from privacy activists and users, in fear that a system like that could be used by dictatorships like China to require Apple to scan iPhones for anything they see fit, not only child porn, Apple decided to quietly shelve the plan.

Android

The security and privacy of an Android phone is not much more different from an iPhone, the main difference is that while Apple makes the software and the hardware of an iPhone, in Android, Google only develops the software and licenses it to multiple hardware vendors that build the phone, now you have two companies that could violate your privacy, Google and your smartphone vendor, try to stay away from cheap little known Chinese smartphone brands as some of them ship with spyware. Regarding the Android OS, you should not trust Google Drive, Gmail or any other Google product that comes embedded with the operating system, while Apple makes money selling hardware, Google does not, their main reason to give away Android for free is that they will push you to use their products, mine your data and make money with it.

The main way to secure an Android phone, always bearing in mind that it might not be possible 100%, familiarise yourself with the privacy and security settings of Android and turn off all the data sharing which is on by default, protect access to your phone with a passphrase, and don´t use any Google product that comes with the phone.

See also

References

  1. "Beat the FBI: How to Send Anonymous Email Without Getting Caught", by Ben Weitzenkorn,http://www.tomsguide.com/us/-anonymous-email-how-to,news-17511.html
  2. Wikipedia: History of the Internet https://en.wikipedia.org/wiki/History_of_the_Internet
  3. Investigatory Powers Bill UK https://www.wired.co.uk/article/ip-bill-law-details-passed
  4. Russia demands access to VPN providers’ servers https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html
  5. Myths about private browsing: https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing
  6. 5 privacy settings you should change in Windows 10 https://www.cnet.com/how-to/5-privacy-settings-to-change-in-windows-10/
  7. Microsoft tip leads to child porn arrest in Pennsylvania https://www.bbc.com/news/technology-28682686
  8. UK police can now force you to reveal decryption keys: https://www.theregister.co.uk/2007/10/03/ripa-decryption_keys_power/
  9. Forcing Someone to Unlock and Decrypt Their Phone Violates the Constitution https://www.eff.org/deeplinks/2017/03/eff-court-forcing-someone-unlock-and-decrypt-their-phone-violates-constitution
  10. How to lock down your iCloud with Apple's Advanced Data Protection https://www.inverse.com/gear/how-to-lock-down-icloud-ios-16-apple-advanced-data-protection
  11. Apple to start scanning US iPhones for images of child sexual abuse https://www.france24.com/en/americas/20210806-apple-to-start-scanning-us-iphones-for-images-of-child-sexual-abuse

External links